rpms/gzip/devel gzip-1.3.12-cve-2010-0001.patch, NONE, 1.1 gzip.spec, 1.51, 1.52
Karel Klíč
kklic at fedoraproject.org
Fri Jan 22 09:05:34 UTC 2010
Author: kklic
Update of /cvs/extras/rpms/gzip/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv22595
Modified Files:
gzip.spec
Added Files:
gzip-1.3.12-cve-2010-0001.patch
Log Message:
Fixed CVE-2010-0001
gzip-1.3.12-cve-2010-0001.patch:
unlzw.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE gzip-1.3.12-cve-2010-0001.patch ---
diff -up gzip-1.3.12/inflate.c.cve-2010-0001 gzip-1.3.12/inflate.c
diff -up gzip-1.3.12/unlzw.c.cve-2010-0001 gzip-1.3.12/unlzw.c
--- gzip-1.3.12/unlzw.c.cve-2010-0001 2006-12-11 19:54:39.000000000 +0100
+++ gzip-1.3.12/unlzw.c 2010-01-14 14:38:58.408250047 +0100
@@ -248,7 +248,8 @@ int unlzw(in, out)
int o;
resetbuf:
- e = insize-(o = (posbits>>3));
+ o = posbits >> 3;
+ e = o <= insize ? insize - o : 0;
for (i = 0 ; i < e ; ++i) {
inbuf[i] = inbuf[i+o];
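Review bot: The new clamp `e = o <= insize ? insize - o : 0;` has no comment saying why it exists, so a later cleanup could fold it back into the old one-line subtraction. I would add above it `/* Corrupt input can leave posbits past the bytes read so far; clamp so the subtraction cannot underflow (CVE-2010-0001). */`. Only `int o;` is declared inside the hunk, so `o <= insize` may compare signed with unsigned depending on how `insize` is declared elsewhere; it is worth confirming that the conversion is the intended one. The patch file also carries a `diff -up` header for inflate.c with no hunk under it, which can be dropped. The body of unlzw continues outside the hunk.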
Index: gzip.spec
===================================================================
RCS file: /cvs/extras/rpms/gzip/devel/gzip.spec,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- gzip.spec 1 Dec 2009 15:50:17 -0000 1.51
+++ gzip.spec 22 Jan 2010 09:05:33 -0000 1.52
@@ -1,21 +1,23 @@
Summary: The GNU data compression program
Name: gzip
Version: 1.3.13
-Release: 1%{?dist}
+Release: 2%{?dist}
# info pages are under GFDL license
License: GPLv3+ and GFDL
Group: Applications/File
Source: http://ftp.gnu.org/gnu/gzip/gzip-%{version}.tar.gz
Patch0: gzip-1.3.12-openbsd-owl-tmp.patch
Patch1: gzip-1.3.5-zforce.patch
-Patch3: gzip-1.3.9-stderr.patch
-Patch4: gzip-1.3.10-zgreppipe.patch
-Patch5: gzip-1.3.13-rsync.patch
-Patch7: gzip-1.3.9-addsuffix.patch
-Patch14: gzip-1.3.5-cve-2006-4338.patch
-Patch15: gzip-1.3.13-cve-2006-4337.patch
-Patch16: gzip-1.3.5-cve-2006-4337_len.patch
-Patch18: gzip-1.3.12-zdiff.patch
+Patch2: gzip-1.3.9-stderr.patch
+Patch3: gzip-1.3.10-zgreppipe.patch
+Patch4: gzip-1.3.13-rsync.patch
+Patch5: gzip-1.3.9-addsuffix.patch
+Patch6: gzip-1.3.5-cve-2006-4338.patch
+Patch7: gzip-1.3.13-cve-2006-4337.patch
+Patch8: gzip-1.3.5-cve-2006-4337_len.patch
+Patch9: gzip-1.3.12-zdiff.patch
+# Fixed in upstream code.
+Patch10: gzip-1.3.12-cve-2010-0001.patch
URL: http://www.gzip.org/
Requires: /sbin/install-info
Requires: mktemp less
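Review bot: The comment `# Fixed in upstream code.` above `Patch10` does not say which issue it refers to or when the patch can be removed, and the patch file is named for 1.3.12 while `Version` is 1.3.13. Something like `# CVE-2010-0001 (rhbz#554418); fixed in upstream code, drop on rebase to a release that includes it` would let the next packager act on it. Renumbering Patch3–Patch18 to Patch2–Patch9 in the same commit, here and in the `%patch` lines of the %prep hunk, mixes a cosmetic change into the security fix and makes it harder to audit or backport. A separate commit for the renumbering would be cleaner.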
@@ -33,14 +35,15 @@ very commonly used data compression prog
%setup -q
%patch0 -p1 -b .owl-tmp
%patch1 -p1 -b .zforce
-%patch3 -p1 -b .stderr
-%patch4 -p1 -b .nixi
-%patch5 -p1 -b .rsync
-%patch7 -p1 -b .addsuffix
-%patch14 -p1 -b .4338
-%patch15 -p1 -b .4337
-%patch16 -p1 -b .4337l
-%patch18 -p1 -b .ret
+%patch2 -p1 -b .stderr
+%patch3 -p1 -b .nixi
+%patch4 -p1 -b .rsync
+%patch5 -p1 -b .addsuffix
+%patch6 -p1 -b .4338
+%patch7 -p1 -b .4337
+%patch8 -p1 -b .4337l
+%patch9 -p1 -b .ret
+%patch10 -p1 -b .cve-2010-0001
%build
export DEFS="NO_ASM"
@@ -92,6 +95,9 @@ fi
%{_infodir}/gzip.info*
%changelog
+* Fri Jan 22 2010 Karel Klic <kklic at redhat.com> - 1.3.13-2
+- Fixed CVE-2010-0001 (rhbz#554418)
+
* Tue Dec 1 2009 Karel Klic <kklic at redhat.com> - 1.3.13-1
- New upstream version
- Updated license from GPLv2 to GPLv3+